diff --git a/kubernetes/apps/default/authelia/app/patches/patches/postgres.yaml b/kubernetes/apps/default/authelia/app/patches/patches/postgres.yaml new file mode 100644 index 000000000..00e65af02 --- /dev/null +++ b/kubernetes/apps/default/authelia/app/patches/patches/postgres.yaml @@ -0,0 +1,32 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: lychee + namespace: default +spec: + values: + initContainers: + init-db: + image: ghcr.io/onedr0p/postgres-initdb:14.7 + env: + - name: POSTGRES_HOST + value: ${POSTGRES_HOST} + - name: POSTGRES_DB + value: lychee + - name: POSTGRES_SUPER_PASS + valueFrom: + secretKeyRef: + name: postgres-superuser + key: password + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: lychee + key: DB_USERNAME + - name: POSTGRES_PASS + valueFrom: + secretKeyRef: + name: lychee + key: DB_PASSWORD diff --git a/kubernetes/apps/default/github-pushover-notifier/app/helmrelease.yaml b/kubernetes/apps/default/github-pushover-notifier/app/helmrelease.yaml index 0a6dc3ff3..2adf1c350 100644 --- a/kubernetes/apps/default/github-pushover-notifier/app/helmrelease.yaml +++ b/kubernetes/apps/default/github-pushover-notifier/app/helmrelease.yaml @@ -32,10 +32,12 @@ spec: strategy: Recreate image: repository: ghcr.io/auricom/github-pushover-notifier - tag: rolling@sha256:5b9f1ba592ec1bb0b964c3e1f01f37f6d8cd2ed967c23b0db97bfccc7470b820 + tag: rolling@sha256:7acc3accde9c9d07a2a128c02b7032b10a65b1776d10fde4c7132a55e3798bd2 service: main: enabled: false + env: + POSTGRES_HOST: ${POSTGRES_HOST} envFrom: - secretRef: name: github-pushover-notifier-secret diff --git a/kubernetes/apps/default/github-pushover-notifier/app/kustomization.yaml b/kubernetes/apps/default/github-pushover-notifier/app/kustomization.yaml index b7d8004d7..c5b6682be 100644 --- a/kubernetes/apps/default/github-pushover-notifier/app/kustomization.yaml +++ b/kubernetes/apps/default/github-pushover-notifier/app/kustomization.yaml @@ -6,6 +6,8 @@ namespace: default resources: - ./helmrelease.yaml - ./secret.sops.yaml +patchesStrategicMerge: + - ./patches/postgres.yaml configMapGenerator: - name: github-pushover-notifier-configmap files: diff --git a/kubernetes/apps/default/github-pushover-notifier/app/patches/postgres.yaml b/kubernetes/apps/default/github-pushover-notifier/app/patches/postgres.yaml new file mode 100644 index 000000000..cea279a03 --- /dev/null +++ b/kubernetes/apps/default/github-pushover-notifier/app/patches/postgres.yaml @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: github-pushover-notifier + namespace: default +spec: + values: + initContainers: + init-db: + image: ghcr.io/onedr0p/postgres-initdb:14.7 + env: + - name: POSTGRES_HOST + value: ${POSTGRES_HOST} + - name: POSTGRES_SUPER_PASS + valueFrom: + secretKeyRef: + name: postgres-superuser + key: password + envFrom: + - secretRef: + name: github-pushover-notifier-secret diff --git a/kubernetes/apps/default/github-pushover-notifier/app/secret.sops.yaml b/kubernetes/apps/default/github-pushover-notifier/app/secret.sops.yaml index bc9200f4c..6a4a72481 100644 --- a/kubernetes/apps/default/github-pushover-notifier/app/secret.sops.yaml +++ b/kubernetes/apps/default/github-pushover-notifier/app/secret.sops.yaml @@ -6,7 +6,10 @@ metadata: namespace: default type: Opaque stringData: - PUSHOVER_APP_TOKEN: ENC[AES256_GCM,data:vZCC9d3sOz/FslZ694zFWNhApc+TF/V+SIjT+HQH,iv:sbil13a6FnKX6zZOmfNb+e+nQak56xCkr3IETl26E1c=,tag:UzJEk2XvG/8yXqVjy0JeMA==,type:str] + POSTGRES_DB: ENC[AES256_GCM,data:TnN+0+oj8dnOfK4cLhG7X92uSKnQXYG8,iv:OhJfVcPs7abVQSkVdXfFz/Fquoo5RxJ/Wc3oiV4Bt6s=,tag:fIKiwnzjvmxa8MDMkUQBdw==,type:str] + POSTGRES_USER: ENC[AES256_GCM,data:bVUPMIrL2WLRdwJvraggsxv3NE6PN9KH,iv:k2+xPOalt7Qy/HQSA5TnRcUVWKxiuEAXsAdFMGZaajc=,tag:75ijQQTliXZrOu4gGPEHTw==,type:str] + POSTGRES_PASS: ENC[AES256_GCM,data:HifiMzAawK0mls6hrE58j2c23lc=,iv:O59tbU+JN4LAfuhLo+4y+AJx7ZrTPWPxPX9QtGLFvYQ=,tag:xtdaVNj6D0Wr/Ven+p8tJg==,type:str] + PUSHOVER_API_TOKEN: ENC[AES256_GCM,data:3L6WwMNDFwmlOr5fqjvcAAZDzqkC+amE5YLdNVfR,iv:VHAadcQN5Ymr5iH9zZ5rZ5OLvYwe5HDuTQMLfQhIPnA=,tag:EdyCcoDrh8NvbzN3UnCInw==,type:str] PUSHOVER_USER_KEY: ENC[AES256_GCM,data:zgoGVo8k7xjuT0+W5AyAkGtJpmTkplW3wmAWqZrY,iv:8ZYZT1I7EOK2mfvjSY+4RfRHQeczYmxihfDHcjRpUSI=,tag:Vkq+ny1eVmAOHmBiAutuNg==,type:str] sops: kms: [] @@ -23,8 +26,8 @@ sops: OGVKWU0zNUZJSFh4aFJxQWFsYm1VeFkKaDeI/hl7z0Qh8t5W39Kxu9ert1dt4xo+ LX+MjpVqxiZNcfwROD4bkWeQSN+VsxoGOOyj4L15BlggNnlg+L7Hww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-15T23:05:03Z" - mac: ENC[AES256_GCM,data:GHQ9hgNkDb5vJw+CHrUbnRn2B3xB9+8wG5xP9k4flvl2AWCS1m+y/Mo9pjUcxyTGBvzY1wifQo0QSwqRZ4oOGKzV2jTFKpzgZ6d0G8SvIOySJP3fPxUAc0O/72zVZygovqy4guopORPSQn/Z5TNgAMwRBFZAI52TUUHHsJA/X5I=,iv:kLPgfAR7TgbtuxN3n8a1eiq8lCZWZ5k/UOXETGvbDPU=,tag:4jP4MLnTJBcznqnq/+VJpw==,type:str] + lastmodified: "2023-03-16T01:31:13Z" + mac: ENC[AES256_GCM,data:XXWzdXCDpiT8u+3C8UpppETsPeillRBzqp99bk9I2NVIs0Z0EjHEQ9cFNQ07CNuwqy7w4ta+ZnGWQGDRrOZrbNclF/z3dj7TJ0VXXil6YbuSQe5+a1x9M4RnDnJC4xPhnplNMewcQ5tqbmZJ6hMaO6VMRShuZkTq15qXl2op1Dw=,iv:7pXYwZhp/tNG83+2pplvNbhx2HRuP2qkWOK3c+1sSmU=,tag:4hJsjMyrAcZQfV8O642WAA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3